monitors Windows and Linux systems for 
file changes across cloud, on-premises 
instances as well as virtual assets. 


With out-of-the-box monitoring profiles specifically created for mandates such as PCI-DSS and FedRAMP, security teams can 
concentrate on change events instead of defining what to monitor. With intuitive dashboards, you can continuously track change 
posture and get ‘what-who-when’ insights on change events. With the ground-breaking ‘File Reputation’ and 
‘Trust Status’ features, security teams are automatically alerted to malicious or suspicious file changes and can automatically 
suppress good file changes due to known activities such as patching. These events are leveraged for correlation and automated 
incident generation. 


As a cloud-based service, Qualys FIM allows teams to eliminate the cost and complexity of deploying and maintaining multiple 
point solutions to globally comply with change monitoring requirements as well as provide security context of changes. 


“Deploying FIM via a cloud-based security and compliance platform allows enterprises to easily scale 
these efforts and take advantage of a consolidated security solution to achieve compliance on a 
global scale, while reducing the high costs of multiple point products.” 


Robert Ayoub 
Research Director, IDC 


Key Use-cases supported by Qualys FIM 


Detect in real-time, Alert & Report 


Qualys FIM’s real-time monitoring helps you detect and report 
malicious, unauthorized, and anomalous activities in your environment. It 
provides visibility into who made the changes (user and process), full 
file paths and registry paths, the exact time of the change, and the 
actual change. Qualys FIM’s automated event correlation and alerts 
help you with a smoother incident management process in your 
organization. 


Single Agent 


Qualys FIM is built on Qualys Cloud Agent (CA), which is self-updating 
and self-healing, with no need to reboot. CA is currently 
supported on Windows and Linux platforms. CA helps consolidate 
asset inventory, vulnerability management, config change 
assessment, and other cybersecurity functions. CA continuously 
monitors files, directories, and Windows registry objects specified 
in the monitoring profile, with minimum impact on the endpoint. 


Scalable architecture that’s easy to manage 
on a secure platform 


The Qualys Cloud Platform allows you to scale to the largest 
environments without having to purchase expensive server software, 
hardware and storage. Performance impact on the endpoint is 
minimized by efficiently monitoring for file changes locally using a 
real-time detection driver and sending the data to the Qualys Cloud 
Platform, where the heavy work of analysis and correlation occurs. The 
platform, which manages and stores the FIM data, is FedRAMP 
authorized and compliant with ISMS and SOC2 compliance requirements. 


Benefits 


Lower Total Cost of Ownership (TCO) 


Qualys FIM leverages the Qualys Cloud Platform for data 
storage, correlation, and analysis, eliminating the need for 
on-premise compute and storage. 


Time-to-Value 


Leverage dynamic policy configuration based on asset 
tags to ensure new assets are discovered and automatically 
configured for FIM without IT or the security team’s 
involvement. Out-of-the-box profiles help in setting the 
base profile, further reducing the onboarding time. 


Agent Consolidation 


The Qualys Cloud Agent is a lightweight and versatile agent, 
saving you from deploying and managing multiple point 
agents for different security tasks. 


Curated out-of-the-box content for PCI DSS 


Deciding and defining what to monitor is time consuming and 
requires research. Qualys FIM includes out-of-the-box monitoring 
profiles as well as well-defined alert and incident management rules, 
ready to import & operationalize. 


Reinforce Defense with File Reputation and 
Trusted Source Intelligence 


With ‘trust status’ and ‘file reputation service’, Qualys FIM 
automatically alerts for malicious or suspicious changes while 
whitelisting trusted changes, helping security teams with noise 
control and event prioritization, significantly reducing FIM alert 
management efforts while leveraging the FIM tool to add context to your 
security program. 


FIM in DevOps pipeline 


Security & compliance teams can make sure critical files & registries 
are set to be monitored for production images before they go into 
production. Integrate Qualys FIM into the DevOps pipeline during the 
Continuous Deployment (CD) phase. Once the instances are in 
production, Qualys FIM provides comprehensive assurance that 
critical directories, files, and Windows registries are monitored for 
changes. 


Correlate FIM data in data lake 


Qualys FIM open APIs are devised to enable easy custom integrations 
with third party SIEM and log management systems. Qualys FIM 
provides out-of-the-box integration to ingest FIM events, alerts and 
incidents in Splunk to support host and user correlation. 


Registry Monitoring 

“Monitoring Profile for Windows Registry Settings” allows 
you to track changes in Windows registry objects, so that 
proactive steps can be taken towards securing your 
Windows assets. This profile includes the important registry 
objects to detect unauthorized changes to the autoruns, 
boot sequence, firewalls, and other critical functionalities. 




Reduced Noise 

Ready-to-use profiles are fine-tuned with specific inclusion/ 
exclusion filters, ensuring minimal noise (false-positives) 
and sending alerts only when required. 


Integrated threat intelligence 

Integrated with threat intelligence for event prioritization 
and noise reduction, Qualys FIM captures advanced insights 
into the change events and enables you to adhere to 
compliance requirements besides strengthening your 
security posture. 


Qualys FIM is a cloud solution for detecting and 
identifying critical changes, incidents, and risks resulting 
from normal and malicious events. 


Efficiently track changes to files in 
environments of all sizes 
The Qualys Cloud Agent technology coupled with Qualys FIM allows for 
the monitoring of all critical assets across diverse cloud, on-premises 
and hybrid environments. 


Real-time detection 


Detect changes in your file systems in real time at the kernel/root level 
with minimal impact on system resources and network. Files and 
directories at any depth can be monitored using the FIM agent. 


Context to detection 


A FIM event captures the exact date/time, logged-in user, process, and 
owner of the process details. Additional context further enhances the 
response capabilities. 


Scalable Qualys Cloud Platform 


With Qualys Cloud Agent, you can scale dynamically. Minimal setup, 
coupled with hosted services for event management, significantly 
reduces the demand on existing infrastructure, further optimizing cost. 


Seamless integration 


Qualys FIM seamlessly integrates with other Qualys modules to provide 
comprehensive context of your security posture. A single Qualys Cloud 
Agent is leveraged to enable multiple capabilities. 


Extensive platform coverage 


Extensive coverage for all platforms - Microsoft Windows (servers and 
workstations) and Linux. 


Centralized event management, support 
open integration 


RESTful API for integration 


Qualys FIM provides RESTful APIs for fetching events and incidents to 
be integrated with other log management, SIEM, and workflow 
management systems. 


Splunk integration 


Qualys FIM provides out-of-the-box integration support for 
Splunk. 


Leverage Qualys security analyst 
capabilities, reduce exposure 


Whether you need FIM to meet regulatory requirements such as 
GDPR or to meet various compliance standards, Qualys FIM is designed 
to be easy to configure and flexible so you can tailor its capabilities to 
your organization’s needs. 


Out-of-the-box profiles 


Manage profiles for Windows and Linux to meet PCI compliance. 
Profiles are updated regularly to allow for an ever-changing threat 
landscape and technology advances. 


Custom profiles 


Qualys FIM supports multiple profiles. Create profiles from scratch, or 
develop custom profiles based on out-of-the-box profiles, to cater to 
your custom applications and environments. 


Reduce exposure to threats 


Leverage dynamic policy configuration based on asset tags to ensure 
new assets are discovered and automatically configured for FIM without 
IT or the security team’s involvement. 


Support for DevSecOps CI/CD integration 


Integration of Qualys FIM in CI/CD workflow for golden images ensures 
real-time availability of the passive compensatory control “Continuous 
Monitoring” for the system components - Critical OS as well as 
Application/Workload file paths. 


[Screenshot: Qualys FIM App for Splunk Enterprise dashboard (tabs: Dashboard, Events, Incidents, Ignored Events, Debug), with panels for Event Count, Event Trends, Incidents, and Ignored Events.]

Powered by the Qualys Cloud Platform 


Single-pane-of-glass UI 


See the results in one place, in seconds. With AssetView, 
security and compliance pros and managers get a complete 
and continuously updated view of all IT assets — from a single 
dashboard interface. It’s fully customizable and lets you see the 
big picture, drill down into details, and generate reports for 
teammates and auditors. Its intuitive and easy-to-build dynamic 
dashboards aggregate and correlate all of your IT security 
and compliance data in one place from all the various Qualys 
Cloud Apps. 


Easy deployment 


Deploy from a public or private cloud — fully managed by Qualys. 
With Qualys, there are no servers to provision, software to install, 
or databases to maintain. You always have the latest Qualys 
features available through your browser, without setting up 
special client software or VPN connections. 


Centralized & customized 


Centralize discovery of host assets for multiple types of 
assessments. Organize host asset groups to match the 
structure of your business. Keep security data private with 
our end-to-end encryption and strong access controls. You 
can centrally manage users’ access to their Qualys accounts 
through your enterprise’s single sign-on (SSO). Qualys 
supports SAML 2.0-based identity service providers. 


Scalable and extensible 


Scale up globally, on demand. Integrate with other systems via 
extensible XML-based APIs. You can use Qualys with a broad range 
of security and compliance systems, such as GRC, ticketing systems, 
SIEM, ERM, and IDS. 


Request a full trial (unlimited-scope) at 
qualys.com/trial 


It’s an out-of-the-box solution that’s centrally managed and self-updating. 